CVE-2023-3425 MEDIUM

CVE-2023-3425: CVE-2023-3425: Out-of-Bounds memory read

Vendor M-Files
Product M-Files Server
Weakness CWE-125
Published August 25, 2023
Last update February 23, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

What the vulnerability does

01Description

Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.

Key dates

02Disclosure timeline

August 25, 2023 CVE published
February 23, 2026 Record updated